Secrets Manager Secret
Overview
This Terraform module provisions an AWS Secrets Manager secret with an initial plaintext value.
It enables secure storage of sensitive information such as API keys, credentials, and config secrets.
Key Features
- Creates a new secret in AWS Secrets Manager
- Accepts a plaintext value as the initial secret version
- Automatically enables versioning and tagging
- Designed for runtime secret retrieval in secure apps
Use Cases
- Storing API keys or external service credentials securely
- Managing secrets for ECS, Lambda, or EC2-based apps
- Integrating secrets into CI/CD pipelines or configuration tools
- Reducing plaintext exposure by removing hardcoded secrets
Input Variables
| Name | Type | Description |
|---|---|---|
| region | string | AWS region where the secret will be created |
| secret_name | string | Name of the secret in Secrets Manager |
| secret_value | string | Plaintext value to store as the secret's initial version |
| description | string | (Optional) Description for the secret |
| environment | string | Tag to specify the deployment environment (e.g., prod, staging) |
Outputs
| Name | Description |
|---|---|
| secret_name | The name of the created secret |
| secret_arn | The ARN of the created Secrets Manager secret |
| secret_version_id | The version ID of the initial stored secret |
Deployment Readiness
- Compatible with Terraform 1.0+
- Tested with AWS provider 5.x
- Requires IAM permissions to manage Secrets Manager resources
Example Usage
```hcl
module "secrets_manager_secret" {
  source       = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//developer-utilities/secrets-manager-secret?ref=v1.0.0"
  region       = "us-east-1"
  secret_name  = "my-api-key"
  secret_value = "superSecretValue123!"
  description  = "API key for third-party integration"
  environment  = "prod"
}
```
```bash
terraform init
terraform plan
terraform apply
```
or
```bash
tofu init
tofu plan
tofu apply
```
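The usage block above writes the secret into the configuration as a string literal, which would end up in version control. As an added example (not part of the module's own documentation), the same call can take the value from a sensitive input variable set out of band; the variable name `third_party_api_key`, delivery through a `TF_VAR_` environment variable, the length check and the `api_key_secret_arn` output are assumptions for illustration.

```hcl
# Added example, not the module author's code.
# Assumption: the caller sets the value outside the repository, for example
# through the TF_VAR_third_party_api_key environment variable populated by
# the CI system's own secret store.
variable "third_party_api_key" {
  description = "API key for the third-party integration (no default, never committed)"
  type        = string
  sensitive   = true # redacts the value in plan and apply output

  # Fail early on an empty or obviously truncated value. The threshold is
  # an illustrative assumption; the message must not echo the value.
  validation {
    condition     = length(var.third_party_api_key) >= 16
    error_message = "third_party_api_key is shorter than 16 characters."
  }
}

module "secrets_manager_secret" {
  source = "git::ssh://git@github.com/archiphire/aws-level-1-modules.git//developer-utilities/secrets-manager-secret?ref=v1.0.0"

  region       = "us-east-1"
  secret_name  = "my-api-key"
  secret_value = var.third_party_api_key # no literal in the .tf file
  description  = "API key for third-party integration"
  environment  = "prod"
}

# Pass only the ARN to other configurations; consumers fetch the value
# from Secrets Manager at runtime instead of reading a Terraform output.
output "api_key_secret_arn" {
  value = module.secrets_manager_secret.secret_arn
}
```

Marking the variable `sensitive` only redacts CLI output. Terraform generally still records a secret version's value in state, so keep the state backend encrypted and its access restricted.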
Cleanup Options
For testing:
Terraform Destroy (for test environments):
```bash
terraform destroy
```
or
```bash
tofu destroy
```
For production:
Manually delete the secret via the AWS Console or CLI to avoid disrupting services that depend on it:
```bash
aws secretsmanager delete-secret --secret-id my-api-key
```
Notes
This is a Level 1 secure storage module for handling single-value secrets. For automated rotation, multi-stage secrets, or dynamic refresh, pair with rotation-enabled modules or custom Lambda-based solutions.
Deployment Package Notice
This module is part of the Level 1 AWS License Tier. To access the full deployment package and source code, subscribe to Archiphire.